Beyond Stuxnet

Looks like someone, and I’m guessing it’s not the Anonymous script kiddies, is getting ready to open a serious can of cyberwarfare whoop ass on someone.

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

See also:
Son of Stuxnet Found in the Wild on Systems in Europe
Duqu May Have Targeted Certificate Authorities for Encryption Keys
Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?
“Son of Stuxnet” Virus Uncovered
New virus a cyber ‘attack in the making’
Cyberattack forecast after spy virus found
Stuxnet successor on the loose?
Brace for “son of Stuxnet” — Duqu spies on SCADA
Duqu: Son of Stuxnet?
Symantec, McAfee differ on Duqu threat
Who’s behind worm Duqu, ‘son of Stuxnet’?
Stuxnet-based cyber espionage virus targets European firms
Key European Nuclear Firms Attacked By Variation On Stuxnet Virus

A couple of conclusions come to mind. First, the fact that Duqu is based on Stuxnet and the Stuxnet source code has never been released makes it a sure bet that the authors are one and the same, namely Israel and/or the United States. Second, the fact that Duqu is clandestinely collecting information from European manufacturers of industrial control system software, specifically software that controls nuclear facilities, strongly suggests that the eventual primary target of the apparent pending cyberattack will, once again, be Iran’s nuclear program.

/in other words, Duqu is setting up a cyberassault that will hopefully finish, once and for all, the job that Stuxnet so effectively started, halting Iran’s quest for a nuclear weapon in its tracks without having to bomb the [expletive deleted] out of their nuclear facilities

Dead Man Dumping

Why is this happening again?

Pentagon braced for the release of 400,000 Iraq files on Wikileaks

A task force of 120 people has been assembled to assess the potential implications and damage of the disclosure of the documents, which promises to eclipse the recent release of more than 70,000 classified US military files on the Afghanistan war.

Col. Dave Lapan, the Pentagon spokesman, said the timing of the leak remained unclear but the Defence Department was ready for a document dump as early as Monday or Tuesday.

Some of the new data is said to be from a “tactical reports database” in Iraq that lists SIGACTS (“Significant activities”) relating to major military operations, movement of personnel and alliances with key tribal figures and allies.

See also:
Pentagon Preparing Response to Iraq Secrets Release by WikiLeaks Website
Pentagon braces for huge WikiLeaks dump on Iraq war
Wikileaks prepares to publish 400,000 secret reports on Iraq
Report: WikiLeaks to Release 400K More Iraq Files Monday
WikiLeaks To Release 400,000 Iraq War Files
400,000 secret Iraq war files set to be published by WikiLeaks
WikiLeaks expected to release 400,000 secret Iraq War files

Are you telling me that the combined resources of the U.S. Military and U.S. intelligence services can’t find Julian Assange and the rest of his criminal gang? It’s not like he’s trying to hide or anything. He should be declared an enemy of the State and dealt with accordingly. It’s ridiculous that he’s still walking around free, especially since he’s already leaked classified U.S. military documents once before.

/if these were Israeli classified military documents Assange was threatening to release, he’d be dead by now

Should Be Dead Man Still Walking And Talking

Why is Julian Assange still even alive at this point, let alone walking around free and giving interviews?

Pentagon pleads with Wikileaks not to release more files

The Pentagon is trying to persuade the whistle-blowing website WikiLeaks to abandon its planned release of 15,000 more classified files on the Afghan war.

Intelligence analysts have now identified which files are involved and Pentagon press secretary Geoff Morrell says their release will be even more damaging to national security and the war effort than the thousands already published.

“We are concerned the additional documents they have may cause even greater risks than the ones they released previously,” said Mr Morrell.

Defence Secretary Robert Gates warned that the release will put American and allied soldiers at risk with “potentially very severe” consequences.

He says that the documents “convey a huge amount of information about our tactics, techniques and procedures” and may be of great help to both the Taliban and al Qaeda.

Last month WikiLeaks founder Julian Assange – a former computer hacker – released 76,000 secret military files that the US government claims threaten the lives of Afghan civilians who have co-operated with US and Nato forces.

Joining a growing chorus of condemnation, White House spokesman Robert Gibbs said that any new release of files would help the enemy.

A new poll shows that 61 per cent of Americans consider the release to be an act of treason.

Reporters Without Borders – guardians of international press freedom – have accused Mr Assange of “incredible irresponsibility.”

Clothilde Le Coz, the group’s spokesperson, said Mr Assange and WikiLeaks were “going way too far” and putting lives in danger.

See also:
WikiLeaks says it won’t be threatened by Pentagon
WikiLeaks will release 15,000 more secret documents about war in Afghanistan, despite Pentagon orders
WikiLeaks Says More Afghan War Documents To Be Released Soon
WikiLeaks: Rest of war documents to be released in a few weeks
Pentagon: Undisclosed Wikileaks documents ‘potentially more explosive’
Support for WikiLeaks Evaporates as New Release of War Documents Looms
Time for Obama to shut down WikiLeaks’ Assange
Reporters Without Borders: WikiLeaks Was Reckless
Reporters Without Borders Blasts Wikileaks
WikiLeaks to Publish More Secrets With Some Data Removed
Wikileaks

Are you seriously telling me that all the combined resources of the United States military and intelligence services can’t hunt down Julian Assange and his co-conspirators, recover the stolen information, and shut down their internet presence?

/Assange has clearly demonstrated that he’s an enemy of the United States with fresh blood on his hands, he has the right to be disappeared and remain permanently silent